F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100

Contents
Configuring ACLs
Feature and hardware compatibility
Overview
ACL categories
Numbering and naming ACLs
Match order
Rule comments and rule range remarks
Rule numbering
Implementing time-based ACL rules
Fragments filtering with ACLs
Configuring the ACL in the Web interface
Recommended IPv4 basic ACL configuration procedure
Recommended IPv4 advanced ACL configuration procedure
Recommended Ethernet frame header ACL configuration procedure
Recommended IPv6 basic ACL configuration procedure
Recommended IPv6 advanced ACL configuration procedure
Creating an ACL
Configuring an IPv4 basic ACL rule
Configuring an IPv4 advanced ACL rule
Configuring an Ethernet frame header ACL rule
Creating an IPv6 ACL
Configuring an IPv6 basic ACL rule
Configuring an IPv6 advanced ACL rule
ACL configuration example
Configuring the ACL at the CLI
Configuration task list
Configuring a basic ACL
Configuring an advanced ACL
Configuring an Ethernet frame header ACL
Copying an ACL
Enabling ACL acceleration for an IPv4 basic or IPv4 advanced ACL
Displaying and maintaining ACLs
IPv6 advanced ACL configuration example
Configuration guidelines
Configuring security zones
Overview
Basic concepts
Zone-based security policy application example
Configuring the security zone in the Web interface
Recommended configuration procedure
Creating a security zone
Adding members to the security zone
Security zone configuration example
Configuring the security zone at the CLI
Security zone configuration task list
Configuring a security zone
Creating a security zone
Setting the priority of a security zone